<script>

var ca_list = [
	"AAA Certificate Services",
	"AC DGTPE Signature Authentification",
	"AC Ra..z Certic..mara S.A.",
	"Actalis Authentication Root CA",
	"AddTrust Class 1 CA Root",
	"AddTrust External CA Root",
	"AddTrust Public CA Root",
	"AddTrust Qualified CA Root",
	"AffirmTrust Commercial",
	"AffirmTrust Networking",
	"AffirmTrust Premium",
	"AffirmTrust Premium ECC",
	"Amazon Root CA 1",
	"Amazon Root CA 2",
	"Amazon Root CA 3",
	"Amazon Root CA 4",
	"Autoridad de Certificacion Firmaprofesional CIF A62634068",
	"Baltimore CyberTrust Root",
	"Buypass Class 2 Root CA",
	"Buypass Class 3 Root CA",
	"CA ...............",
	"CA Disig Root R1",
	"CA Disig Root R2",
	"CA WoSign ECC Root",
	"CFCA EV ROOT",
	"CNNIC ROOT",
	"CNNIC ROOT",
	"COMODO Certification Authority",
	"COMODO ECC Certification Authority",
	"COMODO RSA Certification Authority",
	"Certification Authority of WoSign",
	"Certification Authority of WoSign G2",
	"Certigna",
	"Certinomis - Autorit.. Racine",
	"Certinomis - Root CA",
	"Certplus Root CA G1",
	"Certplus Root CA G2",
	"Certum CA",
	"Certum Trusted Network CA",
	"Certum Trusted Network CA 2",
	"Chambers of Commerce Root",
	"Chambers of Commerce Root - 2008",
	"China Internet Network Information Center EV Certificates Root",
	"Class 2 Primary CA",
	"Cybertrust Global Root",
	"D-TRUST Root CA 3 2013",
	"D-TRUST Root Class 3 CA 2 2009",
	"D-TRUST Root Class 3 CA 2 EV 2009",
	"DST ACES CA X6",
	"DST Root CA X3",
	"Deutsche Telekom Root CA 2",
	"DigiCert Assured ID Root CA",
	"DigiCert Assured ID Root G2",
	"DigiCert Assured ID Root G3",
	"DigiCert Global Root CA",
	"DigiCert Global Root G2",
	"DigiCert Global Root G3",
	"DigiCert High Assurance EV Root CA",
	"DigiCert Trusted Root G4",
	"DigiNotar Cyber CA",
	"DigiNotar PKIoverheid CA Organisatie - G2",
	"DigiNotar PKIoverheid CA Overheid en Bedrijven",
	"E-Tugra Certification Authority",
	"EC-ACC",
	"Entrust Root Certification Authority",
	"Entrust Root Certification Authority - EC1",
	"Entrust Root Certification Authority - G2",
	"Entrust.net Certification Authority (2048)",
	"Entrust.net Certification Authority (2048)",
	"Equifax Secure Global eBusiness CA-1",
	"GTE CyberTrust Global Root",
	"GeoTrust Global CA",
	"GeoTrust Global CA 2",
	"GeoTrust Primary Certification Authority",
	"GeoTrust Primary Certification Authority - G2",
	"GeoTrust Primary Certification Authority - G3",
	"GeoTrust Universal CA",
	"GeoTrust Universal CA 2",
	"Global Chambersign Root",
	"Global Chambersign Root - 2008",
	"GlobalSign",
	"GlobalSign",
	"GlobalSign",
	"GlobalSign",
	"GlobalSign Root CA",
	"Go Daddy Root Certificate Authority - G2",
	"Hellenic Academic and Research Institutions ECC RootCA 2015",
	"Hellenic Academic and Research Institutions RootCA 2011",
	"Hellenic Academic and Research Institutions RootCA 2015",
	"Hongkong Post Root CA 1",
	"ISRG Root X1",
	"IdenTrust Commercial Root CA 1",
	"IdenTrust Public Sector Root CA 1",
	"Izenpe.com",
	"LuxTrust Global Root 2",
	"NetLock Arany (Class Gold) F..tan..s..tv..ny",
	"Network Solutions Certificate Authority",
	"OISTE WISeKey Global Root GA CA",
	"OISTE WISeKey Global Root GB CA",
	"OpenTrust Root CA G1",
	"OpenTrust Root CA G2",
	"OpenTrust Root CA G3",
	"QuoVadis Root CA 1 G3",
	"QuoVadis Root CA 2",
	"QuoVadis Root CA 2 G3",
	"QuoVadis Root CA 3",
	"QuoVadis Root CA 3 G3",
	"QuoVadis Root Certification Authority",
	"S-TRUST Universal Root CA",
	"SZAFIR ROOT CA2",
	"Secure Certificate Services",
	"Secure Global CA",
	"SecureSign RootCA11",
	"SecureTrust CA",
	"Sonera Class2 CA",
	"Staat der Nederlanden EV Root CA",
	"Staat der Nederlanden Root CA - G2",
	"Staat der Nederlanden Root CA - G3",
	"Starfield Root Certificate Authority - G2",
	"Starfield Services Root Certificate Authority - G2",
	"StartCom Certification Authority",
	"StartCom Certification Authority",
	"StartCom Certification Authority G2",
	"SwissSign Gold CA - G2",
	"SwissSign Platinum CA - G2",
	"SwissSign Silver CA - G2",
	"Swisscom Root CA 1",
	"Swisscom Root CA 2",
	"Swisscom Root EV CA 2",
	"Symantec Class 1 Public Primary Certification Authority - G4",
	"Symantec Class 1 Public Primary Certification Authority - G6",
	"Symantec Class 2 Public Primary Certification Authority - G4",
	"Symantec Class 2 Public Primary Certification Authority - G6",
	"T-TeleSec GlobalRoot Class 2",
	"T-TeleSec GlobalRoot Class 3",
	"T..B..TAK UEKAE K..k Sertifika Hizmet Sa..lay..c..s.. - S..r..m ...",
	"T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s.. H5",
	"TC TrustCenter Class 3 CA II",
	"TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1",
	"TWCA Global Root CA",
	"TWCA Root Certification Authority",
	"TeliaSonera Root CA v1",
	"Trusted Certificate Services",
	"USERTrust ECC Certification Authority",
	"USERTrust RSA Certification Authority",
	"UTN-USERFirst-Client Authentication and Email",
	"UTN-USERFirst-Hardware",
	"UTN-USERFirst-Hardware",
	"UTN-USERFirst-Object",
	"VeriSign Class 1 Public Primary Certification Authority - G3",
	"VeriSign Class 2 Public Primary Certification Authority - G3",
	"VeriSign Class 3 Public Primary Certification Authority - G3",
	"VeriSign Class 3 Public Primary Certification Authority - G4",
	"VeriSign Class 3 Public Primary Certification Authority - G5",
	"VeriSign Class 3 Public Primary Certification Authority - G5",
	"VeriSign Universal Root Certification Authority",
	"Visa eCommerce Root",
	"XRamp Global Certification Authority",
	"thawte Primary Root CA",
	"thawte Primary Root CA - G2",
	"thawte Primary Root CA - G3"
];

function Certificate(data, hostname) {
  this._data = data;
  if (hostname) {
    this._hostname = hostname;
  }
}

// Encapsulation in JavaScript 封装，继承，多态CRUD就属于多态一种
// The one disadvantage of overwriting the prototype is that
// the constructor property no longer points to the prototype,
// so we have to set it manually.
Certificate.prototype = {
  constructor: Certificate,

  getSubject : function () {
    var s = {};
    s.C = this._data.subject.C;
    s.ST = this._data.subject.ST;
    s.L = this._data.subject.L;
    s.OU = this._data.subject.OU;
    s.O = this._data.subject.O;
    s.CN = this._data.subject.CN;

    return s;
  },

  getIssuer : function () {
    var i = {};
    i.C = this._data.issuer.C;
    i.OU = this._data.issuer.OU;
    i.O = this._data.issuer.O;
    i.CN = this._data.issuer.CN;

    return i;
  },

  getIssuerCertificate : function () {
    if (!this._data.issuerCertificate) {
      return null;
    }
    return new Certificate(this._data.issuerCertificate);
  },

  getMiscInfo : function () {
    var m = {};

    m.valid_from = this._data.valid_from;
    m.valid_to = this._data.valid_to;
    if (this._data.cipher) {
      m.cipher = this._data.cipher.name;
    }
    if (this._data.fingerprint) {
      m.fingerprint = this._data.fingerprint;
    }
    if (this._data.serialNumber) {
      m.serialNumber = this._data.serialNumber;
    }
    if (this._data.modulus) {
      m.pub_key_len = this._data.modulus.length*4;
      m.pub_key_val = this._data.modulus;
    }
    return m;
  },

  getCertChain : function () {
    var chains = new Array();

    chains.push(this._data.subject.CN);
    chains.push(this._data.issuer.CN);
    var issuer = this._data.issuerCertificate;
    while (issuer) {
      /*上级发证者证书常用名已添加过，此处跳过*/
      if (chains.indexOf(issuer.subject.CN) == -1) {
        chains.push(issuer.subject.CN);
      }
      issuer = issuer.issuerCertificate;
    }
    chains.reverse();
    return chains;
  },

  _checkAuthority: function ()  {
    var chains = this.getCertChain();
    var top_ca = chains[0];
    var idx = ca_list.indexOf(top_ca);

    if  (idx != -1) {
      return true;
    } else {
      return false;
    }
  },

  _checkNoexpire: function ()  {
    var from = Date.parse(this._data.valid_from);
    var to = Date.parse(this._data.valid_to);
    var now = new Date().getTime();

    if (from < now && now < to) {
      return true;
    }
    return false;
  },

  _checkHostname: function ()  {
    var subject_names = this._data.subjectaltname;

    if (!subject_names) {
      return false;
    }
    var altname_arr = subject_names.split(',');
    for (var i =0; i<altname_arr.length; i++) {
      var dnsname = altname_arr[i];
      var matches = dnsname.match(/DNS:(.*)$/);
      if (matches && matches[1] ) {
        var strmatch = matches[1];
        var arrmatch = strmatch.split('');
        for (var j=0; j<arrmatch.length; j++) {
          if (arrmatch[j] == '*') {
            arrmatch[j] = '(.*)';
          }else if (arrmatch[j] == '.') {
            arrmatch[j] = '\.';
          }
        }
        var regstr = arrmatch.join('');
        var reg = new RegExp(regstr);
        var m = this._hostname.match(reg);
        if (m) {
          return true;
        }
      }
    }
    return false;
  },

  _checkCipher: function ()  {

    if (!this._data.modulus) {
      return false;
    }

    var bitlen = this._data.modulus.length*4;
    if (bitlen <=1024) {
      return false;
    }

    return true;
  },

  getSummary : function() {
    var summary = {}

    summary.authority = this._checkAuthority();
    summary.noexpire = this._checkNoexpire();
    summary.hostname = this._checkHostname();
    summary.cipher = this._checkCipher();
    return summary;
  }
};
</script>
